Knowledge
Search knowledge... ⌘K
Knowledge · Guidelines · architecture
Credential Management
How to securely store and reference credentials in SBX workspace projects
Metadata
architecture recommended
Procedures
Showing 3 of 7
- 1 Store all credentials in 1Password
Use the project vault with environment separation: op://{project}-{env}/...op://sbx-dev/postgres/password
- 2 Reference via op:// URI in workspace YAML
Use the credential_ref field in ConnectionConfig, never inline passwords
credential_ref: op://sbx-dev/postgres/password # NEVER: password: "mysecret123"
- 3 Mask credentials in API responses
Any API endpoint returning connection config must replace credential values with masked placeholders
// Go: masking in API handler config.Password = "••••••••" config.SecretAccessKey = "••••••••"
Tools
- 1Password CLI
- SBX vault package
- SBX op-adapter
References
- external OWASP Secret Management Cheat Sheet